From acf8c4a91a76bf8049f6bfbd95b04e2e36bae4ea Mon Sep 17 00:00:00 2001 From: Daiki Ueno Date: Thu, 18 May 2017 10:45:26 +0200 Subject: Revert "trust: Honor "modifiable" setting in persist file" This reverts commit 8eed1e60b0921d05872e2f43eee9088cef038d7e, which broke "trust anchor --remove". --- trust/input/verisign-v1.p11-kit | 1 - trust/parser.c | 10 +--------- trust/test-parser.c | 1 - 3 files changed, 1 insertion(+), 11 deletions(-) (limited to 'trust') diff --git a/trust/input/verisign-v1.p11-kit b/trust/input/verisign-v1.p11-kit index aea49ea..eaa080d 100644 --- a/trust/input/verisign-v1.p11-kit +++ b/trust/input/verisign-v1.p11-kit @@ -1,6 +1,5 @@ [p11-kit-object-v1] trusted: true -modifiable: false -----BEGIN CERTIFICATE----- MIICPDCCAaUCED9pHoGc8JpK83P/uUii5N0wDQYJKoZIhvcNAQEFBQAwXzELMAkG diff --git a/trust/parser.c b/trust/parser.c index 52d1128..41513d4 100644 --- a/trust/parser.c +++ b/trust/parser.c @@ -610,7 +610,6 @@ p11_parser_format_persist (p11_parser *parser, { CK_BBOOL modifiablev = CK_TRUE; CK_ATTRIBUTE *attrs; - CK_ATTRIBUTE *attr; p11_array *objects; bool ret; int i; @@ -631,14 +630,7 @@ p11_parser_format_persist (p11_parser *parser, ret = p11_persist_read (parser->persist, parser->basename, data, length, objects); if (ret) { for (i = 0; i < objects->num; i++) { - /* By default, we mark objects read from a persist - * file as modifiable, as the persist format is - * writable. However, if CKA_MODIFIABLE is explictly - * set in the file, respect the setting. */ - attrs = objects->elem[i]; - attr = p11_attrs_find_valid (objects->elem[i], CKA_MODIFIABLE); - if (!attr) - attrs = p11_attrs_build (attrs, &modifiable, NULL); + attrs = p11_attrs_build (objects->elem[i], &modifiable, NULL); sink_object (parser, attrs); } } diff --git a/trust/test-parser.c b/trust/test-parser.c index 088cff9..b5c2525 100644 --- a/trust/test-parser.c +++ b/trust/test-parser.c @@ -168,7 +168,6 @@ test_parse_p11_kit_persist (void) { CKA_CLASS, &certificate, sizeof (certificate) }, { CKA_VALUE, (void *)verisign_v1_ca, sizeof (verisign_v1_ca) }, { CKA_TRUSTED, &truev, sizeof (truev) }, - { CKA_MODIFIABLE, &falsev, sizeof (falsev) }, { CKA_X_DISTRUSTED, &falsev, sizeof (falsev) }, { CKA_INVALID }, }; -- cgit v1.1